USN-1754-1: Sudo vulnerability

28 February 2013

Sudo could be made to run programs as the administrator without a password prompt.

Releases

Packages

  • sudo - Provide limited super user privileges to specific users

Details

Marco Schoepl discovered that Sudo incorrectly handled time stamp files
when the system clock is set to epoch. A local attacker could use this
issue to run Sudo commands without a password prompt.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.04
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 10.04

In general, a standard system update will make all the necessary changes.

References